Listing of Claims 



This listing of claims 1-3 will replace all prior versions, and listing of claims in the 
application. 

1 . (Currently Amended) A method for detecting malicious scripts using a static 
analysis, 
comprising the step of: 

checking whether a series of methods constructing a malicious 
code pattern exist and whether parameters and return values associated 
between the methods match each other, 

wherein the checking step comprises the steps of: 

classifying, by modeling a malicious behavior in such a mannor that 
i t i nc l udes a to include combinat i on of unit behaviors each of which is composed 
of sub-unit behaviors or one or more method calls, 

converting each identified unit behavior and method call sentence 
into a matching rule for defining sentence types to be detected in script codes 
and 

generating at least one a relation rule for defining a relation 
between rule variables used in the sentences satisfying the matching rule; 

identifying gonoratinq instances of the matching rule by searching 
for code patterns matched with the matching rule from a relevant script code to 
be detected, extracting parameters of functions used in the searched code 
patterns and storing the extracted parameters in the rule variables; and 

identifving generat i ng instances of the relation rule by searching 
for instances satisfying the relations rule from a set of the generated instances of 
the matching rule. 

2. (Original) The method according to claim 1, wherein the matching rule is 
composed of rule identifiers and sentence patterns constructing malicious 
behavior and having the same grammar as a language of the scripts to be 
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detected, and wherein the relation rule comprises conditional expressions (Cond) 
in which conditions satisfying the relevant rule are described, and action 
expressions (Action) in which contents to be executed are described when the 
conditions in the conditional expressions are satisfied. 

3. (Original) The method according to claim 2, wherein the relation rule further 
includes preconditions (Precond) in which conditions that should be satisfied 
prior to the conditions in the conditional expressions are described, and the 
action expressions describe contents that will be executed when both the 
conditional expressions and the preconditions are satisfied. 
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